diff -up shadow-4.8.1/man/chage.1.xml.manfix shadow-4.8.1/man/chage.1.xml
--- shadow-4.8.1/man/chage.1.xml.manfix	2019-10-05 01:28:34.000000000 +0200
+++ shadow-4.8.1/man/chage.1.xml	2020-03-17 15:34:48.750414984 +0100
@@ -102,6 +102,9 @@
 	    Set the number of days since January 1st, 1970 when the password
 	    was last changed. The date may also be expressed in the format
 	    YYYY-MM-DD (or the format more commonly used in your area).
+	    If the <replaceable>LAST_DAY</replaceable> is set to
+	    <emphasis>0</emphasis> the user is forced to change his password
+	    on the next log on.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -119,6 +122,13 @@
 	    system again.
 	  </para>
 	  <para>
+	    For example the following can be used to set an account to expire
+	    in 180 days:
+	  </para>
+	  <programlisting>
+	    chage -E $(date -d +180days +%Y-%m-%d)
+	  </programlisting>
+	  <para>
 	    Passing the number <emphasis remap='I'>-1</emphasis> as the
 	    <replaceable>EXPIRE_DATE</replaceable> will remove an account
 	    expiration date.
@@ -239,6 +249,18 @@
       The <command>chage</command> program requires a shadow password file to
       be available.
     </para>
+    <para>
+      The chage program will report only the information from the shadow
+      password file. This implies that configuration from other sources
+     (e.g. LDAP or empty password hash field from the passwd file) that
+     affect the user's login will not be shown in the chage output.
+    </para>
+    <para>
+      The <command>chage</command> program will also not report any
+      inconsistency between the shadow and passwd files (e.g. missing x in
+      the passwd file). The <command>pwck</command> can be used to check
+      for this kind of inconsistencies.
+    </para>
     <para>The <command>chage</command> command is restricted to the root
       user, except for the <option>-l</option> option, which may be used by
       an unprivileged user to determine when their password or account is due
diff -up shadow-4.8.1/man/groupadd.8.xml.manfix shadow-4.8.1/man/groupadd.8.xml
--- shadow-4.8.1/man/groupadd.8.xml.manfix	2020-03-17 15:34:48.745414917 +0100
+++ shadow-4.8.1/man/groupadd.8.xml	2020-03-17 15:34:48.750414984 +0100
@@ -320,13 +320,13 @@
 	<varlistentry>
 	  <term><replaceable>4</replaceable></term>
 	  <listitem>
-	    <para>GID not unique (when <option>-o</option> not used)</para>
+	    <para>GID is already used (when called without <option>-o</option>)</para>
 	  </listitem>
 	</varlistentry>
 	<varlistentry>
 	  <term><replaceable>9</replaceable></term>
 	  <listitem>
-	    <para>group name not unique</para>
+	    <para>group name is already used</para>
 	  </listitem>
 	</varlistentry>
 	<varlistentry>
diff -up shadow-4.8.1/man/groupmems.8.xml.manfix shadow-4.8.1/man/groupmems.8.xml
--- shadow-4.8.1/man/groupmems.8.xml.manfix	2020-03-17 15:34:48.750414984 +0100
+++ shadow-4.8.1/man/groupmems.8.xml	2020-03-17 15:41:13.383588722 +0100
@@ -179,20 +179,10 @@
   <refsect1 id='setup'>
     <title>SETUP</title>
     <para>
-      The <command>groupmems</command> executable should be in mode
-      <literal>2710</literal> as user <emphasis>root</emphasis> and in group
-      <emphasis>groups</emphasis>. The system administrator can add users to
-      group <emphasis>groups</emphasis> to allow or disallow them using the
-      <command>groupmems</command> utility to manage their own group
-      membership list.
+      In this operating system the <command>groupmems</command> executable
+      is not setuid and regular users cannot use it to manipulate
+      the membership of their own group.
     </para>
-
-    <programlisting>
-	$ groupadd -r groups
-	$ chmod 2710 groupmems
-	$ chown root.groups groupmems
-	$ groupmems -g groups -a gk4
-    </programlisting>
   </refsect1>
 
   <refsect1 id='configuration'>
diff -up shadow-4.8.1/man/ja/man5/login.defs.5.manfix shadow-4.8.1/man/ja/man5/login.defs.5
--- shadow-4.8.1/man/ja/man5/login.defs.5.manfix	2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/man/ja/man5/login.defs.5	2020-03-17 15:34:48.750414984 +0100
@@ -147,10 +147,6 @@ 以下の参照表は、
 shadow パスワード機能のどのプログラムが
 どのパラメータを使用するかを示したものである。
 .na
-.IP chfn 12
-CHFN_AUTH CHFN_RESTRICT
-.IP chsh 12
-CHFN_AUTH
 .IP groupadd 12
 GID_MAX GID_MIN
 .IP newusers 12
diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5.xml
--- shadow-4.8.1/man/login.defs.5.xml.manfix	2020-01-17 16:47:56.000000000 +0100
+++ shadow-4.8.1/man/login.defs.5.xml	2020-03-17 15:34:48.750414984 +0100
@@ -164,6 +164,17 @@
       long numeric parameters is machine-dependent.
     </para>
 
+    <para>
+      Please note that the parameters in this configuration file control the
+      behavior of the tools from the shadow-utils component. None of these
+      tools uses the PAM mechanism, and the utilities that use PAM (such as the
+      passwd command) should be configured elsewhere. The only values that
+      affect PAM modules are <emphasis>ENCRYPT_METHOD</emphasis> and <emphasis>SHA_CRYPT_MAX_ROUNDS</emphasis>
+      for pam_unix module, <emphasis>FAIL_DELAY</emphasis> for pam_faildelay module,
+      and <emphasis>UMASK</emphasis> for pam_umask module. Refer to
+      pam(8) for more information.
+    </para>
+
     <para>The following configuration items are provided:</para>
 
     <variablelist remap='IP'>
@@ -256,16 +267,6 @@
 	</listitem>
       </varlistentry>
       <varlistentry>
-	<term>chfn</term>
-	<listitem>
-	  <para>
-	    <phrase condition="no_pam">CHFN_AUTH</phrase>
-	    CHFN_RESTRICT
-	    <phrase condition="no_pam">LOGIN_STRING</phrase>
-	  </para>
-	</listitem>
-      </varlistentry>
-      <varlistentry>
 	<term>chgpasswd</term>
 	<listitem>
 	  <para>
@@ -286,14 +287,6 @@
 	  </para>
 	</listitem>
       </varlistentry>
-      <varlistentry condition="no_pam">
-	<term>chsh</term>
-	<listitem>
-	  <para>
-	    CHSH_AUTH LOGIN_STRING
-	  </para>
-	</listitem>
-      </varlistentry>
       <!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
       <!-- faillog: no variables -->
       <varlistentry>
@@ -359,34 +352,6 @@
 	  <para>LASTLOG_UID_MAX</para>
 	</listitem>
       </varlistentry>
-      <varlistentry>
-	<term>login</term>
-	<listitem>
-	  <para>
-	    <phrase condition="no_pam">CONSOLE</phrase>
-	    CONSOLE_GROUPS DEFAULT_HOME
-	    <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
-	    ENV_TZ ENVIRON_FILE</phrase>
-	    ERASECHAR FAIL_DELAY
-	    <phrase condition="no_pam">FAILLOG_ENAB</phrase>
-	    FAKE_SHELL
-	    <phrase condition="no_pam">FTMP_FILE</phrase>
-	    HUSHLOGIN_FILE
-	    <phrase condition="no_pam">ISSUE_FILE</phrase>
-	    KILLCHAR
-	    <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
-	    LOGIN_RETRIES
-	    <phrase condition="no_pam">LOGIN_STRING</phrase>
-	    LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
-	    <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
-	    MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
-	    QUOTAS_ENAB</phrase>
-	    TTYGROUP TTYPERM TTYTYPE_FILE
-	    <phrase condition="no_pam">ULIMIT UMASK</phrase>
-	    USERGROUPS_ENAB
-	  </para>
-	</listitem>
-      </varlistentry>
       <!-- logoutd: no variables -->
       <varlistentry>
 	<term>newgrp / sg</term>
@@ -415,17 +380,6 @@
 	</listitem>
       </varlistentry>
       <!-- nologin: no variables -->
-      <varlistentry condition="no_pam">
-	<term>passwd</term>
-	<listitem>
-	  <para>
-	    ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
-	    PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
-	    <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
-	    SHA_CRYPT_MIN_ROUNDS</phrase>
-	  </para>
-	</listitem>
-      </varlistentry>
       <varlistentry>
 	<term>pwck</term>
 	<listitem>
@@ -452,32 +406,6 @@
 	  </para>
 	</listitem>
       </varlistentry>
-      <varlistentry>
-	<term>su</term>
-	<listitem>
-	  <para>
-	    <phrase condition="no_pam">CONSOLE</phrase>
-	    CONSOLE_GROUPS DEFAULT_HOME
-	    <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
-	    ENV_PATH ENV_SUPATH
-	    <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
-	    MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
-	    SULOG_FILE SU_NAME
-	    <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
-	    SYSLOG_SU_ENAB
-	    <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
-	  </para>
-	</listitem>
-      </varlistentry>
-      <varlistentry>
-	<term>sulogin</term>
-	<listitem>
-	  <para>
-	    ENV_HZ
-	    <phrase condition="no_pam">ENV_TZ</phrase>
-	  </para>
-	</listitem>
-      </varlistentry>
       <varlistentry>
 	<term>useradd</term>
 	<listitem>
diff -up shadow-4.8.1/man/shadow.5.xml.manfix shadow-4.8.1/man/shadow.5.xml
--- shadow-4.8.1/man/shadow.5.xml.manfix	2019-12-01 17:52:32.000000000 +0100
+++ shadow-4.8.1/man/shadow.5.xml	2020-03-17 15:34:48.750414984 +0100
@@ -129,7 +129,7 @@
 	<listitem>
 	  <para>
 	    The date of the last password change, expressed as the number
-	    of days since Jan 1, 1970.
+	    of days since Jan 1, 1970 00:00 UTC.
 	  </para>
 	  <para>
 	    The value 0 has a special meaning, which is that the user
@@ -208,8 +208,8 @@
 	  </para>
 	  <para>
 	    After expiration of the password and this expiration period is
-	    elapsed, no login is possible using the current user's
-	    password.  The user should contact her administrator.
+	    elapsed, no login is possible for the user.
+	    The user should contact her administrator.
 	  </para>
 	  <para>
 	    An empty field means that there are no enforcement of an
@@ -224,7 +224,7 @@
 	<listitem>
 	  <para>
 	    The date of expiration of the account, expressed as the number
-	    of days since Jan 1, 1970.
+	    of days since Jan 1, 1970 00:00 UTC.
 	  </para>
 	  <para>
 	    Note that an account expiration differs from a password
diff -up shadow-4.8.1/man/useradd.8.xml.manfix shadow-4.8.1/man/useradd.8.xml
--- shadow-4.8.1/man/useradd.8.xml.manfix	2020-03-17 15:34:48.745414917 +0100
+++ shadow-4.8.1/man/useradd.8.xml	2020-03-17 15:34:48.751414997 +0100
@@ -359,6 +359,11 @@
 	    <option>CREATE_HOME</option> is not enabled, no home
 	    directories are created.
 	  </para>
+	  <para>
+	    The directory where the user's home directory is created must
+	    exist and have proper SELinux context and permissions. Otherwise
+	    the user's home directory cannot be created or accessed.
+	  </para>
 	</listitem>
       </varlistentry>
       <varlistentry>
diff -up shadow-4.8.1/man/usermod.8.xml.manfix shadow-4.8.1/man/usermod.8.xml
--- shadow-4.8.1/man/usermod.8.xml.manfix	2019-12-20 06:58:23.000000000 +0100
+++ shadow-4.8.1/man/usermod.8.xml	2020-03-17 15:34:48.751414997 +0100
@@ -143,7 +143,8 @@
 	    If the <option>-m</option>
 	    option is given, the contents of the current home directory will
 	    be moved to the new home directory, which is created if it does
-	    not already exist.
+	    not already exist. If the current home directory does not exist
+	    the new home directory will not be created.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -205,6 +206,12 @@
 	    The group ownership of files outside of the user's home directory
 	    must be fixed manually.
 	  </para>
+	  <para>
+	    The change of the group ownership of files inside of the user's
+	    home directory is also not done if the home dir owner uid is
+	    different from the current or new user id. This is safety measure
+	    for special home directories such as <filename>/</filename>.
+	  </para>
 	</listitem>
       </varlistentry>
       <varlistentry>
@@ -267,7 +274,8 @@
 	<listitem>
 	  <para>
 	    Move the content of the user's home directory to the new
-	    location.
+	    location. If the current home directory does not exist
+	    the new home directory will not be created.
 	  </para>
 	  <para>
 	    This option is only valid in combination with the
@@ -381,6 +389,12 @@
 	    must be fixed manually.
 	  </para>
 	  <para>
+	    The change of the user ownership of files inside of the user's
+	    home directory is also not done if the home dir owner uid is
+	    different from the current or new user id. This is safety measure
+	    for special home directories such as <filename>/</filename>.
+	  </para>
+	  <para>
 	    No checks will be performed with regard to the
 	    <option>UID_MIN</option>, <option>UID_MAX</option>,
 	    <option>SYS_UID_MIN</option>, or <option>SYS_UID_MAX</option>
